kazhnuz/koblog
1
0
Fork 0
Code Issues 34 Pull requests 1 Projects 4 Releases Packages Wiki Activity Actions

MIME Type Check for Issue #1218 and #1212

Browse source 
MIME Type Check for Issue #1218 and #1212
This commit is contained in:
SamBrishes 2020-06-28 10:36:41 +02:00
parent 7d8b895c8e
commit eb74980021
4 changed files with 31 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
bl-kernel/ajax/logo-upload.php
View file

@ -24,12 +24,20 @@ if (Text::stringContains($_FILES['inputFile']['name'], DS, false)) {
// File extension // File extension
$fileExtension = Filesystem::extension($_FILES['inputFile']['name']); $fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
$fileExtension = Text::lowercase($fileExtension); $fileExtension = Text::lowercase($fileExtension);
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) { if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION'])) {
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']); $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
Log::set($message, LOG_TYPE_ERROR); Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message); ajaxResponse(1, $message);
} }
// File MIME Type
$fileMimeType = Filesystem::mimeType($_FILES['inputFile']['tmp_name']);
if (!in_array($fileMimeType, $GLOBALS['ALLOWED_IMG_MIMETYPES'])) {
$message = $L->g('File mime type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_MIMETYPES']);
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);
}
// Final filename // Final filename
$filename = 'logo.'.$fileExtension; $filename = 'logo.'.$fileExtension;
if (Text::isNotEmpty( $site->title() )) { if (Text::isNotEmpty( $site->title() )) {
@ -57,4 +65,4 @@ ajaxResponse(0, 'Image uploaded.', array(
'absolutePath'=>PATH_UPLOADS.$filename 'absolutePath'=>PATH_UPLOADS.$filename
)); ));
?> ?>

10
bl-kernel/ajax/profile-picture-upload.php
View file

@ -35,6 +35,14 @@ if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
ajaxResponse(1, $message); ajaxResponse(1, $message);
} }
// Check file MIME Type
$fileMimeType = Filesystem::mimeType($_FILES['profilePictureInputFile']['tmp_name']);
if (!in_array($fileMimeType, $GLOBALS['ALLOWED_IMG_MIMETYPES'])) {
$message = $L->g('File mime type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_MIMETYPES']);
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);
}
// Tmp filename // Tmp filename
$tmpFilename = $username.'.'.$fileExtension; $tmpFilename = $username.'.'.$fileExtension;
@ -61,4 +69,4 @@ ajaxResponse(0, 'Image uploaded.', array(
'absolutePath'=>PATH_UPLOADS_PROFILES.$filename 'absolutePath'=>PATH_UPLOADS_PROFILES.$filename
)); ));
?> ?>

10
bl-kernel/ajax/upload-images.php
View file

@ -63,6 +63,14 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
ajaxResponse(1, $message); ajaxResponse(1, $message);
} }
// Check file MIME Type
$fileMimeType = Filesystem::mimeType($_FILES['images']['tmp_name'][$uuid]);
if (!in_array($fileMimeType, $GLOBALS['ALLOWED_IMG_MIMETYPES'])) {
$message = $L->g('File mime type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_MIMETYPES']);
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);
}
// Move from PHP tmp file to Bludit tmp directory // Move from PHP tmp file to Bludit tmp directory
Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename); Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename);
@ -84,4 +92,4 @@ ajaxResponse(0, 'Images uploaded.', array(
'images'=>$images 'images'=>$images
)); ));
?> ?>

3
bl-kernel/boot/variables.php
View file

@ -108,3 +108,6 @@ $GLOBALS['DB_TAGS_TYPES'] = array('published','static','sticky');
// Allowed image extensions // Allowed image extensions
$GLOBALS['ALLOWED_IMG_EXTENSION'] = array('gif', 'png', 'jpg', 'jpeg', 'svg'); $GLOBALS['ALLOWED_IMG_EXTENSION'] = array('gif', 'png', 'jpg', 'jpeg', 'svg');
// Allowed image mime types
$GLOBALS['ALLOWED_IMG_MIMETYPES'] = array('image/gif', 'image/png', 'image/jpeg', 'image/svg+xml');